3 matches found
CVE-2023-2805
CVE-2023-2805 affects the WordPress plugin SupportCandy (before 3.1.7). The vulnerability is a SQL injection in the set_add_agent_leaves AJAX handler which fails to sanitize and escape the agents[] parameter before building a SQL statement. The underlying issue is improper handling of user-contro...
CVE-2023-2805 SupportCandy < 3.1.7 - Admin+ SQLi
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents parameter in the setaddagentleaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
WordPress SupportCandy Plugin < 3.1.7 is vulnerable to SQL Injection
Software SupportCandy Type Plugin Vulnerable versions 3.1.7 Fixed in 3.1.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2805 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID a697ebaed446 Credits dc11 Required privilege Administrator Published 19 June...